Received: from sog-mx-2.v43.ch3.sourceforge.com ([172.29.43.192]
	helo=mx.sourceforge.net)
	by sfs-ml-1.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <pete@petertodd.org>) id 1UZOQ7-0004RM-VR
	for bitcoin-development@lists.sourceforge.net;
	Mon, 06 May 2013 16:37:47 +0000
Received-SPF: pass (sog-mx-2.v43.ch3.sourceforge.com: domain of petertodd.org
	designates 62.13.148.113 as permitted sender)
	client-ip=62.13.148.113; envelope-from=pete@petertodd.org;
	helo=outmail148113.authsmtp.com; 
Received: from outmail148113.authsmtp.com ([62.13.148.113])
	by sog-mx-2.v43.ch3.sourceforge.com with esmtp (Exim 4.76)
	id 1UZOQ6-0003Xo-35 for bitcoin-development@lists.sourceforge.net;
	Mon, 06 May 2013 16:37:47 +0000
Received: from mail-c226.authsmtp.com (mail-c226.authsmtp.com [62.13.128.226])
	by punt10.authsmtp.com (8.14.2/8.14.2/Kp) with ESMTP id
	r46GbcV3070341; Mon, 6 May 2013 17:37:38 +0100 (BST)
Received: from petertodd.org (petertodd.org [174.129.28.249])
	(authenticated bits=128)
	by mail.authsmtp.com (8.14.2/8.14.2/) with ESMTP id r46GbXS2068383
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
	Mon, 6 May 2013 17:37:35 +0100 (BST)
Date: Mon, 6 May 2013 12:37:32 -0400
From: Peter Todd <pete@petertodd.org>
To: Jeff Garzik <jgarzik@exmulti.com>
Message-ID: <20130506163732.GB5193@petertodd.org>
References: <CANEZrP1YFCLmasOrdxdKDP1=x8nKuy06kGRqZwpnmnhe3-AroA@mail.gmail.com>
	<20130506161216.GA5193@petertodd.org>
	<CA+8xBpfdY7GsQiyrHuOG-MqXon0RGShpg2Yv-KeAXQ-503kAsA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="98e8jtXdkpgskNou"
Content-Disposition: inline
In-Reply-To: <CA+8xBpfdY7GsQiyrHuOG-MqXon0RGShpg2Yv-KeAXQ-503kAsA@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Server-Quench: 41f12d47-b66b-11e2-98a9-0025907ec6c5
X-AuthReport-Spam: If SPAM / abuse - report it at:
	http://www.authsmtp.com/abuse
X-AuthRoute: OCd2Yg0TA1ZNQRgX IjsJECJaVQIpKltL GxAVKBZePFsRUQkR
	aQdMdgQUFVQNAgsB AmUbWlNeU1p7WmY7 ag1VcwRfa1RMVxto
	VEFWR1pVCwQmQxgH cUx2MRtycQ1FcH0+ ZEdnWnQVWEUsdEQp
	RklJR2sAN3phaTUd TUlQJgpJcANIexZF bQUsUiAILwdSbGoL
	NQ4vNDcwO3BTJTpY RgYVKF8UXXNDMj8n TBccEC8+WkQJSz97
	NxUtKVMABw5RLUwp YxMaVEgGMhQfQgdf A1ovSCFePREZXTct
	AA8SW0kSHSYcKQAA 
X-Authentic-SMTP: 61633532353630.1020:706
X-AuthFastPath: 0 (Was 255)
X-AuthSMTP-Origin: 174.129.28.249/587
X-AuthVirus-Status: No virus detected - but ensure you scan with your own
	anti-virus system.
X-Spam-Score: -1.5 (-)
X-Spam-Report: Spam Filtering performed by mx.sourceforge.net.
	See http://spamassassin.org/tag/ for more details.
	-1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for
	sender-domain
	-0.0 SPF_PASS               SPF: sender matches SPF record
X-Headers-End: 1UZOQ6-0003Xo-35
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Discovery/addr packets (was: Service bits
 for pruned nodes)
X-BeenThere: bitcoin-development@lists.sourceforge.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <bitcoin-development.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=bitcoin-development>
List-Post: <mailto:bitcoin-development@lists.sourceforge.net>
List-Help: <mailto:bitcoin-development-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/bitcoin-development>,
	<mailto:bitcoin-development-request@lists.sourceforge.net?subject=subscribe>
X-List-Received-Date: Mon, 06 May 2013 16:37:48 -0000


--98e8jtXdkpgskNou
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, May 06, 2013 at 12:20:12PM -0400, Jeff Garzik wrote:
> > Security will be no worse than before - if any one server/seed is honest
> > you're ok - and hopefully better due to the accountability. Obviously
>=20
> Indeed, the DNS seeds are just servers run by trusted individuals anyway.

Yup, and lets be really clear here: what I'm saying about existing DNS
seeds selecting peers from a wider pool isn't to fundementally reduce
the trust in those seeds, it's to reduce the amount of effort the people
*running* the seeds need to expend to return safe results.

> In either case, bitcoinj definitely wants fixing for its over-reliance
> on DNS seeds.  This has been noted as a problem for a while.

Anyway, DNS returns unsigned data usually - DNSSEC is not widely
implemented - so at least an alternative seed system with SSL certs
could provide a way of getting results from the seed to you in the first
place with a different set of vulnerabilities.  (I'm not going to say
it's really more secure - your ISP can MITM your connections to those
remote nodes anyway - but the types of attacks are at least different)

Speaking of, off-topic for this discussion, but in the future
node-to-node communicate should be encrypted and signed, and seeds
should have a mechanism to return the pubkey the node will use for
communication. This would protect against your ISP MITM attacking your
communications with every node. Of course, Tor hidden service nodes do
this already essentially.

--=20
'peter'[:-1]@petertodd.org
000000000000001882c602178bd4dc6501ecd65db1e1380224be98c923043c07

--98e8jtXdkpgskNou
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlGH3EwACgkQpEFN739thoxKQACfRrVV4OPjrpSTjB/p3loJl9tQ
g+0AnRorqNdFfFGoy66hJrLe/Lu4UlA3
=xY63
-----END PGP SIGNATURE-----

--98e8jtXdkpgskNou--